Friday, January 9, 2009

How to create the registry key to restrict access to the registry

The Security permissions set on this key define what Users or Groups can connect to the system for remote Registry access. The default Windows installation defines this key and sets the Access Control List to restrict remote registry access as follows:

Administrators have Full Control
The default configuration for Windows permits only Administrators remote access to the Registry. Changes to this key to allow users remote registry access require a system reboot to take effect.

1. Start Registry Editor (Regedt32.exe) and go to the following subkey:
2. On the Edit menu, click Add Key.
3. Enter the following values:
Key Name: SecurePipeServers
Class: REG_SZ
4. Go to the following subkey:
5. On the Edit menu, click Add Key.
6. Enter the following values:
Key Name: winreg
Class: REG_SZ
7. Go to the following subkey:
8. On the Edit menu, click Add Value.
9. Enter the following values:
Value Name: Description
Data Type: REG_SZ
String: Registry Server
10. Go to the following subkey.
11. Select "winreg". Click Security and then click Permissions. Add users or groups to which you want to grant access.
12. Exit Registry Editor and restart Windows.
13. If you at a later stage want to change the list of users that can access the registry, repeat steps 10-12.

No comments:

Post a Comment